> Now, we need to add X509 based authentication. The idea is that the > user will be able to choose between regular LDAP auth with login/pass > or X509 certificate.
It's supported and we have used it production for several years. I would _strongly_ recommend that you configure your container for optional client auth so that you can gracefully handle "certificate not found" situations with server-side error messages; otherwise you're in the land of very unfriendly client-side "cannot negotiate SSL connection" messages which typically baffle users. Other than that it's simply a matter of defining the authentication handlers and principal resolvers in CAS, UI changes, and possibly some webflow tweaks to handle login form selection and error conditions. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
